Skills
skills/cisco-ai-defense/skill-scanner/safe-file-reader/Gen Agent Trust Hub

safe-file-reader

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: CRITICALCOMMAND_EXECUTIONDATA_EXFILTRATIONCREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION] (CRITICAL): Path Traversal in read_file. The os.path.join operation in read.py uses unsanitized user input (filename) for path construction. This allows an attacker to use ../ sequences to escape the intended /home/user/documents directory and read any file on the system.
  • [COMMAND_EXECUTION] (CRITICAL): Arbitrary File Read in read_config. The function read_config in read.py uses string interpolation to build a file path (/etc/app/{config_name}) without validation. By providing a path like ../../etc/shadow, an attacker can read arbitrary sensitive system files.
  • [DATA_EXFILTRATION] (HIGH): Unauthorized Data Exposure. The combination of path traversal and file reading allows for the extraction of sensitive system information (e.g., /etc/passwd) or user data.
  • [CREDENTIALS_UNSAFE] (HIGH): Credential Exposure. The read_config function specifically targets /etc/app/, a common location for application secrets, database credentials, and API keys, making them accessible to malicious actors via the traversal vulnerability.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 16, 2026, 03:00 AM